libsandbox: fall back to tracing set*id programs - proj/sandbox.git

diff options

author	Mike Frysinger <vapier@gentoo.org>	2012-12-03 01:15:15 -0500
committer	Mike Frysinger <vapier@gentoo.org>	2012-12-24 03:01:36 -0500
commit	26ad6af1a4f246bda3cd7a19a24c1767ec9c835e (patch)
tree	d660468151bd7137f889463ce37876586b1013bd /tests/utime-0.c
parent	sb_gdb: improve gdb integration (diff)
download	sandbox-26ad6af1a4f246bda3cd7a19a24c1767ec9c835e.tar.gz sandbox-26ad6af1a4f246bda3cd7a19a24c1767ec9c835e.tar.bz2 sandbox-26ad6af1a4f246bda3cd7a19a24c1767ec9c835e.zip

libsandbox: fall back to tracing set*id programs

If we are non-root and run a set*id program, the ldso will ignore our LD_PRELOAD (rightly so). Unfortunately, this opens up the ability to run set*id apps that modify things and sandbox cannot catch it. Instead, force ptracing of these ELFs. While the kernel will disallow the set*id aspect when running, for the most part, that shouldn't be a problem if it was already safe. URL: http://bugs.gentoo.org/442172 Reported-by: Nikoli <nikoli@lavabit.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Diffstat (limited to 'tests/utime-0.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: